{"id":12106,"date":"2022-12-30T04:12:19","date_gmt":"2022-12-30T11:12:19","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=12106"},"modified":"2023-04-06T15:15:48","modified_gmt":"2023-04-06T22:15:48","slug":"how-safe-is-your-database","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/how-safe-is-your-database\/","title":{"rendered":"How Safe is your Database?"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

A data breach resulting in the loss of their jobs is one of the worst nightmares for a CISO. Research<\/a> says that companies that have experienced a breach underperform the market by more than 15% three years later. That brings you to the question – \u201cIs your data safe?\u201d<\/em><\/p>

Securin analyzed more than 290 database products and identified 4352 vulnerabilities, of which 24% have high predictive risk ratings, and 12% are trending in the wild! What should be your course of action? Read on to know\u2026<\/em><\/strong><\/p>

Data breaches exposing millions of personal data, bank information, credentials, social security numbers, and healthcare records have become commonplace in the past few years. These organizations suffer not just reputational loss but significant financial reparations that need to be made to their clients and customers.<\/p>

Many organizations have gone bankrupt following cyber attacks that exposed their customer data. In fact, 60 percent of small companies go out of business within six months of falling victim to a data breach or cyber attack<\/a>. One of the major contributors to these are the vulnerabilities in database products.<\/a><\/p>

Our research dives deep into database vendors and products to help you understand which are vulnerable to attackers and what you can do to safeguard them. We identified weakness enumerations, vulnerabilities, weaponization statistics, exploit types, ransomware associations, and ties with APT groups that plague these database offerings.\u00a0<\/p>

In 2020<\/a>, we identified 1449 vulnerabilities across 18 vendors. Our latest 2022 research has grown to include 128 unique vendors and 291 products and identified 4352 vulnerabilities overall. This analysis includes a broad umbrella of database products with data capabilities including storage, management,\u00a0 analytics, and visualization<\/p>

Our analysis is two-fold: Definitive Analysis, which deals with known vulnerabilities and associated threats, and Predictive Analysis which leverages Securin’s proven AI\/ML capabilities that provides a risk rating of a vulnerability being exploited in the wild.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Definitive Analysis<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

In this section, we deal with definitive intelligence, like the vulnerabilities in databases, their exploitation by threat actors, and publicly available exploits linked to these vulnerabilities.<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Vulnerability Prioritization<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Our research into database products identified 4352 vulnerabilities that expose them to attackers. Of these, 509 CVEs (12%) are being actively searched by attackers. These vulnerabilities, if left unchecked, can serve as low-hanging fruit for attackers to feast\u00a0on.<\/p>

As we delve deep into this research, our experts provide the threat context of these vulnerabilities to understand which of these could pose the greatest danger to organizations. Threat actors have already weaponized 303 vulnerabilities, an indication that threat actors have ready methods to exploit these vulnerabilities and thus warrant immediate attention from organizations.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Below, we further look into some of the key vulnerability findings from our research.<\/p>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Dangerous Vulnerabilities:<\/strong> The most worrisome fact here is that, of the vulnerabilities with exploits available in the public domain, 63% can allow attackers to execute custom code remotely or even escalate privileges once they gain entry into vulnerable networks. This gives attackers the upper hand, allowing them to enter into networks, crawl through deeper, or even chain multiple vulnerabilities together to cause maximum disruption on affected networks.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

<\/p>

\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Ransomware and APT Group Associations:<\/strong> Vulnerabilities with known instances of exploitation by ransomware and Advanced Persistent Threat (APT) groups are of the highest order of threat to organizations as unpatched instances of these vulnerabilities offer a permanent attack window to threat actors on the lookout. Further, with instances of threat groups increasingly sharing techniques and tactics among them, the danger is all the more enhanced.<\/p>

Four ransomware groups\u2014Scarab, Locky, Satan, and Gimemo, and 24 APT groups- have previously exploited seven database vulnerabilities thus far.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

\"\"<\/p>

\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Known Exploited Vulnerabilities (KEVs) catalog by Cybersecurity and Infrastructure Security Agency (CISA )<\/strong>: As a measure to warn organizations against threat actor-favored vulnerabilities, CISA maintains a repository of Known Exploited Vulnerabilities (KEVs) that is regularly updated. At the time of this investigation (September 2022), 18 of the vulnerabilities we identified in databases were part of the CISA KEVs.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Of the vulnerabilities in database products, 28 of them have been explicitly called out in our blogs that focus on trending threats to provide organizations with timely warnings against significant exposures.<\/p><\/blockquote>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Severity Analysis<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

We looked at the database vulnerabilities from a severity perspective to understand how many critical and high-severity vulnerabilities organizations might have in their networks. By NVD\u2019s CVSS standards, 32.6% of all database vulnerabilities fall into this category.<\/p>

We further scored the vulnerabilities using our proprietary Vulnerability Risk Score (VRS) that attributes severities considering additional threat context and trending factors. The result was that, by VRS standards, 6.7% of the vulnerabilities belonged to the critical-high category. This is in close agreement with the percentage of weaponized vulnerabilities overall (6.96%).<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

\"\"<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

The Securin Vulnerability Intelligence (VI) platform continuously tracks and assesses a vulnerability\u2019s real risk to an organization based on past and current events, and interest in the vulnerability from hackers. To quantify this risk, VI attributes a Vulnerability Risk Score (VRS) to every vulnerability that reflects its threat context and the likelihood of the vulnerability being exploited in the wild.<\/p><\/blockquote>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

Vulnerabilities with a critical or high severity rating need to be prioritized for patching sooner rather than later. Given this, organizations need to adopt a threat-based perspective to classify the vulnerabilities to be considered and not simply depend on NVD ratings that might overwhelm security researchers with the sheer volume of vulnerabilities.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Latency Analysis<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

For a long time now, one of the major aspects of our research has been to focus on the latencies along a CVE\u2019s timeline, from being published to being associated with threat actors. One constant factor that has stood out is how quickly attackers are weaponizing vulnerabilities today, within days of NVD disclosure and sometimes even before the vendor publishes a vulnerability.<\/p>

In this context, we also studied the vulnerabilities in databases from a latency lens. On comparing the gaps between when the NVD disclosed a vulnerability and when public exploits for the same were released, here is what we found:<\/p>